{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T00:53:28Z","timestamp":1771462408046,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":21,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540736134","type":"print"},{"value":"9783540736141","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-73614-1_9","type":"book-chapter","created":{"date-parts":[[2007,9,13]],"date-time":"2007-09-13T03:09:45Z","timestamp":1189652985000},"page":"140-156","source":"Crossref","is-referenced-by-count":27,"title":["Characterizing Dark DNS Behavior"],"prefix":"10.1007","author":[{"given":"Jon","family":"Oberheide","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manish","family":"Karir","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Z. Morley","family":"Mao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: RFC 1034: Domain names: concepts and facilities (November 1987), ftp:\/\/ftp.internic.net\/rfc\/rfc1034.txt","DOI":"10.17487\/rfc1034"},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: RFC 1035: Domain names: implementation and specification (November 1987), ftp:\/\/ftp.internic.net\/rfc\/rfc1035.txt","DOI":"10.17487\/rfc1035"},{"key":"9_CR3","unstructured":"Bellovin, S.: Using the domain name system for system break-ins. In: Proceedings of the 5th USENIX UNIX Security Symposium (1995)"},{"key":"9_CR4","unstructured":"Samwalla, R., Sharma, R., Keshav, S.: Discovering Internet Topology (unpublished manuscript)"},{"key":"9_CR5","unstructured":"Silveira, A.: TXDNS: an aggressive multithreaded DNS digger, http:\/\/www.txdns.net\/"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Ishibashi, K., Toyono, T., Toyama, K., Ishino, M.: Detecting mass-mailing worm infected hosts by mining DNS traffic data. In: Proceedings of the Special Interest Group on Data Communications (SIGCOMM) (2005)","DOI":"10.1145\/1080173.1080175"},{"key":"9_CR7","unstructured":"Kristoff, J.: Botnets, detection and mitigation: DNS-based techniques. NU Security Day (2005)"},{"key":"9_CR8","unstructured":"Schonewille, A., van Helmond, D.-J.: The Domain Name Service as an IDS: How DNS can be used for detecting and monitoring badware in a network (February 2006), http:\/\/staff.science.uva.nl\/delaat\/snb-2005-2006\/p12\/report.pdf"},{"key":"9_CR9","unstructured":"Whyte, D., Kranakis, E., Van Oorschot, P.: DNS-based Detection of Scanning Worms in an Enterprise Network. In: Proceedings of the Network and Distributed Systems Symposium (NDSS) (2005)"},{"key":"9_CR10","unstructured":"Bethencourt, J., Franklin, J., Vernon, M.: Mapping Internet Sensors with Probe Response Attacks. In: Proceedings of Usenix Security Symposium (2005)"},{"key":"9_CR11","unstructured":"Shinoda, Y., Ikai, K., Itoh, M.: Vulnerabilities of Passive Internet Threat Monitors. In: Proceedings of Usenix Security Symposium (2005)"},{"key":"9_CR12","doi-asserted-by":"crossref","unstructured":"Rajab, M., Monrose, F., Terzis, A.: Fast and Evasive Attacks: Highlighting the Challenges Ahead. In: Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID) (September 2006)","DOI":"10.1007\/11856214_11"},{"key":"9_CR13","unstructured":"Oberheide, J., Karir, M.: Honeyd Detection via Packet Fragmentation. Technical report, Merit Networks Inc. (2006)"},{"key":"9_CR14","unstructured":"Sinha, S., Bailey, M., Jahanian, F.: Shedding Light on the Configuration of Dark Addresses. In: Proceedings of NDSS (2007)"},{"key":"9_CR15","unstructured":"Brownlee, N.: DNS Root\/gTLD Performance Measurements. IETF Meeting (2001), http:\/\/www.caida.org\/publications\/presentations\/ietf0112\/"},{"key":"9_CR16","unstructured":"Nemeth, E.: DNS Damage - Measurements at a Root Server. IETF Meeting (2001), http:\/\/www.caida.org\/publications\/presentations\/ietf0112\/"},{"key":"9_CR17","unstructured":"Wessels, D., Fomenkov, M.: Wow, That\u2019s a Lot of Packets. In: Proceedings of Passive and Active Measurement Workshop (September 2003)"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Jung, J., Sit, E., Balakrishnan, H., Morris, R.: DNS Performance and the Effectiveness of Caching. In: Proc. ACM SIGCOMM Internet Measurement Workshop (2001)","DOI":"10.1145\/505202.505223"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Gummadi, K.P., Saroiu, S., Gribble, S.D.: King: Estimating Latency between Arbitrary Internet End Hosts. In: Proceedings of SIGCOMM IMW (2002)","DOI":"10.1145\/637201.637203"},{"key":"9_CR20","unstructured":"Internet\u00a0Systems Consortium. ISC Internet Domain Survey Background (2006), http:\/\/www.isc.org\/index.pl"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial of Service Activity. In: Proceedings of the 2001 USENIX Security Symposium (2001)","DOI":"10.21236\/ADA400003"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-73614-1_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,3]],"date-time":"2019-05-03T01:30:53Z","timestamp":1556847053000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-73614-1_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540736134","9783540736141"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-73614-1_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007]]}}}